The old database hashed its passwords (SHA-1), but did not salt them. Looking at the old users table, I wondered how well the rainbow table approach would work - using Google as a big rainbow table. Just feed the hash into the search field and see what comes up.
Here are the results:
The count indicates how many users chose that password. The users spoke Dutch and used an AZERTY keyboard. Of the top 12, I found all but 1 using a Google search. This is why you salt your passwords.
Mind you, it's also a reason to implement a decent password policy. One that does not allow '1234'.
I really wonder about that 1 that I wasn't able to find though. Must be some Dutch word.
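As an added illustration (not code from the original post; the users table below is constructed, not the real one), this script shows what makes the unsalted SHA-1 table searchable and what a per-user salt plus a slow KDF changes: without a salt, every user who picked the same password gets the same digest, which is where the per-password count comes from and why one lookup covers all of them; with a salt, each stored digest is unique and can only be checked against the one user it belongs to.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

# Constructed sample users table (not the post's data): (username, chosen password)
SAMPLE_USERS = [
    ("alice", "1234"),
    ("bob", "1234"),
    ("carol", "azerty"),
    ("dave", "1234"),
    ("erin", "wachtwoord"),
]

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1, the way the old database stored passwords.
    Deterministic: every user who chose the same password gets the same
    digest, so one lookup (rainbow table, search engine) covers all of them."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    Returns (salt_hex, digest_hex); both are stored next to the user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt.hex(), digest.hex()


def verify_salted(password: str, salt_hex: str, digest_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, recomputed = salted_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, digest_hex)


def reuse_counts(hashes):
    """Count how many users share each stored digest. On the unsalted table this
    reproduces the 'count' column from the post; on a salted table every row is
    unique, so nothing can be grouped or looked up in bulk."""
    return Counter(hashes)


if __name__ == "__main__":
    legacy = reuse_counts(legacy_sha1(p) for _, p in SAMPLE_USERS)
    salted = reuse_counts(salted_hash(p)[1] for _, p in SAMPLE_USERS)
    print("unsalted: largest group of identical digests =", max(legacy.values()))  # 3
    print("salted:   largest group of identical digests =", max(salted.values()))  # 1
```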